openssl genrsa generate key with a passphrase

When I use an approach similar to the one specified in "Generate private key encrypted with password using openssl", I have an issue: I can decrypt without providing a passphrase/password. Why is this? I was expecting it to ask for a passphrase/password before decrypting. What am I doing wrong? Below are the logs from Windows in Git Bash, but I'm getting the same result in Ubuntu.

auser@pc MINGW64 ~
$ openssl genrsa -out key.pem -passout pass:foobarpwd 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
............................................................................................+++++
e is 65537 (0x010001)
auser@pc MINGW64 ~
$ openssl rsa -in key.pem -pubout -out pub.pem
writing RSA key
auser@pc MINGW64 ~
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey pub.pem --pubin | base64
ioLPkvYY6+MqNbjQEgkKk+6UctHqPLeZZ12WTSezpWB1Q0aPXecQhptl92OD6Kk0rGbAf3+iFeWI
lYkfZDEs66a3EYRHKPe4ZspEo1mBFxFyI2VjSl0J2k0UEtDcuCion8lRic4GxPLd5tJeDI+hnUYo
Wbmbb3iBcW5HkXrREgq5EfXcQn7pQk9L0jT+KgZ3HOswz4njhPrlP2BHC/DaeobsqXRH3eFnmNt2
0tN8c5v9v1y1Eh0bQ22z3vlWldrbP6B7zU+Thv0N7ftVSOKbQwZ9upN+GCYexQO4KqegER1AwLs6
F3yluElBlHWncPpwwIBjK7TB48VAlYQ+FyFhIQ==
auser@pc MINGW64 ~
$ echo "ioLPkvYY6+MqNbjQEgkKk+6UctHqPLeZZ12WTSezpWB1Q0aPXecQhptl92OD6Kk0rGbAf3+iFeWI
> lYkfZDEs66a3EYRHKPe4ZspEo1mBFxFyI2VjSl0J2k0UEtDcuCion8lRic4GxPLd5tJeDI+hnUYo
> Wbmbb3iBcW5HkXrREgq5EfXcQn7pQk9L0jT+KgZ3HOswz4njhPrlP2BHC/DaeobsqXRH3eFnmNt2
> 0tN8c5v9v1y1Eh0bQ22z3vlWldrbP6B7zU+Thv0N7ftVSOKbQwZ9upN+GCYexQO4KqegER1AwLs6
> F3yluElBlHWncPpwwIBjK7TB48VAlYQ+FyFhIQ==" | base64 -d | openssl rsautl -decrypt -inkey key.pem
Hi Alice!
auser@pc MINGW64 ~
$
auser@pc MINGW64 ~
$ openssl genrsa -out key.pem --passout pass:foobarpwd 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................+++++
......................+++++
e is 65537 (0x010001)
auser@pc MINGW64 ~
$ openssl rsa -in key.pem -pubout -out pub.pem
writing RSA key
auser@pc MINGW64 ~
$ echo "Hi Alice!" | openssl rsautl -encrypt -inkey pub.pem --pubin | base64
eiuR7qf46hMDNUlejo8FGWDRYW6VrTTDV0l93+jP2cz5FSzoFbNXuAFjYHTf5EMBcyRT7ZGXBbgm
TkpuZX5on844j61rTEYLpLH9+bidFuHOpNGp3nSooXCxUs0xX+qKVZQ8ZVHEYUmQGDb++v/f+9/f
LXrl+GiLUAhGePr+rtYVVlE2kwzwLbnUC/G8G+M45xkH6Pqn2ewdalgZY87MlA5ZahSfJxjnB0nC
/5L2iTqD/RbatuQeEFP2oeOhVI+VJbb/ilJBqvVd+eH2Xl4sTySVbfxP5oeEbQSvQqRnJW/ZBhZt
gOcov4hf2vdBm/2jY58y7wMMO1IkbMUZiQRkIg==
auser@pc MINGW64 ~
$ echo "eiuR7qf46hMDNUlejo8FGWDRYW6VrTTDV0l93+jP2cz5FSzoFbNXuAFjYHTf5EMBcyRT7ZGXBbgm
TkpuZX5on844j61rTEYLpLH9+bidFuHOpNGp3nSooXCxUs0xX+qKVZQ8ZVHEYUmQGDb++v/f+9/f
LXrl+GiLUAhGePr+rtYVVlE2kwzwLbnUC/G8G+M45xkH6Pqn2ewdalgZY87MlA5ZahSfJxjnB0nC
/5L2iTqD/RbatuQeEFP2oeOhVI+VJbb/ilJBqvVd+eH2Xl4sTySVbfxP5oeEbQSvQqRnJW/ZBhZt
gOcov4hf2vdBm/2jY58y7wMMO1IkbMUZiQRkIg==" | base64 -d | openssl rsautl -decrypt -inkey key.pem
Hi Alice!
auser@pc MINGW64 ~
$

1 Answer

The reason the private key was generated without a passphrase is simply that no encryption cipher was specified to encrypt the generated key. The command should look like

openssl genrsa -des3 -out key3.pem -passout pass:"foobarpwd" 2048
openssl genrsa -aes128 -out key3.pem -passout pass:"foobarpwd" 2048
openssl genrsa -aes256 -out key3.pem -passout pass:"foobarpwd" 2048

As a result, when aes256 is used, the key file will have content like

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,09B36E3B49DE4DB249D71CC8FE7C7DCE
-----END RSA PRIVATE KEY-----
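
A way to catch the problem from the question at generation time, as an added example that is not part of the original question or answer: classify the key file by its PEM markers and refuse a key that accepts a wrong passphrase. The function names and the KEY_PASS variable are hypothetical; the PKCS#8 markers go beyond the traditional format shown above and cover keys written in that format.

```shell
#!/bin/sh
# Added example; key_protection, make_encrypted_key and KEY_PASS are hypothetical names.

# Print "encrypted", "plaintext" or "unknown" for a PEM private key file,
# judged only from its PEM markers.
key_protection() {
    f=$1
    if grep -qF -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted                      # PKCS#8, encrypted
    elif grep -qF -e '-----BEGIN RSA PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is announced by the Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo encrypted
        else
            echo plaintext                  # key written without a cipher option
        fi
    elif grep -qF -e '-----BEGIN PRIVATE KEY-----' "$f"; then
        echo plaintext                      # PKCS#8, unencrypted
    else
        echo unknown
    fi
}

# Generate an AES-256 protected RSA key at $1 and keep it only if it is
# really encrypted. The passphrase is read from the exported variable
# KEY_PASS (env:), so it does not appear in the process argument list.
make_encrypted_key() {
    out=$1
    [ -n "${KEY_PASS:-}" ] || { echo "KEY_PASS is not set" >&2; return 2; }
    openssl genrsa -aes256 -out "$out" -passout env:KEY_PASS 2048 2>/dev/null || return 1
    # The file itself must say it is encrypted ...
    [ "$(key_protection "$out")" = encrypted ] || { rm -f "$out"; return 1; }
    # ... and a wrong passphrase must be rejected.
    if openssl rsa -in "$out" -passin pass:not-the-passphrase -noout 2>/dev/null; then
        rm -f "$out"
        return 1
    fi
}
```

Typical use: `export KEY_PASS=...; make_encrypted_key key.pem && key_protection key.pem`.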
